Note: A newer version of this article is available. The cmdlets below will be deprecated in March 2024. See the newer version for details about how to remove Azure AD user accounts using the Microsoft Graph PowerShell SDK.
When you delete a user from the Office 365 control panel they are moved into a recycle bin for 30 days so that they can be recovered easily if the deletion was not intended.
However, if you want to permanently remove a deleted user in Office 365 you can use PowerShell. For this task you will need the Azure Active Directory for PowerShell module installed on your computer.
First, connect to your Azure Active Directory by running Connect-MsolService and entering your admin credentials in the dialog box that appears.
Caution: do not proceed unless you are completely sure that you want to permanently remove the users.
PS C:\Scripts> Connect-MsolService
To see a list of the deleted users run Get-MsolUser with the -ReturnDeletedUsers switch.
PS C:\Scripts> Get-MsolUser -ReturnDeletedUsers
You can remove a specific deleted user with Remove-MsolUser and the -RemoveFromRecycleBin switch.
PS C:\Scripts> Remove-MsolUser -UserPrincipalName Lynn@office365bootcamp.com -RemoveFromRecycleBin

Confirm
Continue with this operation?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y
To remove all deleted users you can pipe the Get-MsolUser output to Remove-MsolUser and add the -Force switch to avoid being prompted for each removal.
Caution: be very careful here not to accidentally delete all users from your Azure Active Directory.
PS C:\Scripts> Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
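A guarded version of the bulk purge above, as an added example that is not part of the original article: it only touches accounts returned by -ReturnDeletedUsers, writes a CSV record before removing anything, and supports -WhatIf for a dry run. The function name Remove-DeletedMsolUserSafely and its parameters -OlderThanDays and -LogPath are hypothetical, and an existing Connect-MsolService session is assumed.

```powershell
# Added example: guarded purge of soft-deleted users using the MSOnline cmdlets
# from this article. The function and parameter names are hypothetical.
function Remove-DeletedMsolUserSafely {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Only purge accounts that were deleted at least this many days ago.
        [int]$OlderThanDays = 7,
        # CSV record of the accounts selected for purging.
        [string]$LogPath = ".\PurgedUsers-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
    )

    $cutoff = (Get-Date).AddDays(-$OlderThanDays)

    # Query the recycle bin only, so active users are never candidates.
    $targets = @(Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.SoftDeletionTimestamp -and $_.SoftDeletionTimestamp -lt $cutoff })

    if ($targets.Count -eq 0) {
        Write-Verbose "No deleted users older than $OlderThanDays days."
        return
    }

    # Write the record first: a purged account cannot be recovered.
    # (Export-Csv also honours -WhatIf, so a dry run writes no file.)
    $targets |
        Select-Object UserPrincipalName, DisplayName, ObjectId, SoftDeletionTimestamp |
        Export-Csv -Path $LogPath -NoTypeInformation

    foreach ($user in $targets) {
        # ShouldProcess makes the function respect -WhatIf and -Confirm.
        if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Permanently remove from recycle bin')) {
            # Remove by ObjectId so the exact account that was listed is the one purged.
            Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force
        }
    }
}

# Dry run: shows which accounts would be purged without removing anything.
Remove-DeletedMsolUserSafely -OlderThanDays 7 -WhatIf
```

Run it without -WhatIf to be prompted per account, or add -Confirm:$false once the dry-run list has been reviewed.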
since msol commands are going away what would be the Graph equivalent?
Did you read the linked article? https://practical365.com/permanently-remove-deleted-office-365-users/
Great work!
I have a doubt. What will be the Command to be run, in order to view the list of permanently removed Deleted users??
please help, I’m a Newbie
Seems like a lot of instructions start with step 2.
O.k. I’m a newbie to powershell. What does “For this task you will need the Azure Active Directory for PowerShell module installed on your computer.” entail? Seems like that should be step one. “You should already know how to do that.” – You got me. I don’t.
The link took me to the Microsoft documentation site – I searched for “Azure Active Directory for PowerShell” but nothing with similar sounding name came up.
Seems like a lot of instructions tend to start with step 2.
Hello Dave,
Maybe you don’t need help anymore but it might help someone else. You can just try by opening one Windows PowerShell window on your computer. Make sure to open it as administrator. Then type in Install-Module MSOnline. This will install the module and then you will be able to run the command Connect-MsolService and follow the rest of the steps. More info here https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-msonlinev1?view=azureadps-1.0.
For you to be able to connect to Azure with powershell you need to install a powershell module. This is an add in that you can install by following this guide: https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-msonlinev1?view=azureadps-1.0
After installing the module, you can connect to Azure by using the Connect-MsolService command. This will prompt you for your office365 admin credentials. After entering your username and password your powershell session should connect to Azure/office365/exchange online and you will be able to do the rest of the guide.
Fab instructions worked a treat, thanks
Used the -RemoveFromRecycleBin to remove a user, but all data gone! after a day or two we wanted to restore the deleted user onedrive but this can’t be done according to MS Support employee.
Does anyone know if this is possible to restore?
You can’t restore this if you performed this command, if you delete the user from “Deleted Users” with this powershell command, the account will be permanently deleted and cannot be recovered.
This is the reason why users stay in the “Deleted users” for 30 days, after that these accounts and data will also be permanently deleted.
Great article, thank you very much!
This was excellent solution while there was the command get-msoluser.
Now they removed it with the new EOL PowerShell module.
I can’t figure out how to do it with the get-mailbox command.
Please update this article and enlighten us how to remove permanently the deleted mailboxes.
Thanks.
install-module AzureAD
install-module AzureADPreview
install-module MSOnline
THEN run the msol commands
Thank you very much for this article.
It worked excellently.
Use below script to delete mailboxes in bulk. Input Csv file with only one field “UPN”.
$users = import-csv .\DeleteMsolUser.csv -delimiter ","
foreach ($user in $users)
{
    $upn = $user.UPN
    Remove-MsolUser -UserPrincipalName $upn -Force
    Remove-MsolUser -UserPrincipalName $upn -RemoveFromRecycleBin -Force
}
can this be done in the SharePoint online management shell?
Great article, thank you so much! We had a few issues working out how to remove the users that were persistent in the “Recycling Bin”, but we ended up using the following which successfully returned/removed all users found without any issues.
Get-MsolUser -ReturnDeletedUsers -All | Where-Object { $_.ObjectId -ne $null } | ForEach-Object { Remove-MsolUser -ObjectId $_.ObjectId -RemoveFromRecycleBin -Force }
Thanks again for the article!
-Kyle
Now that’s a script with balls Nice job!
Fantastic work as always!
Btw, your link is dead for the “Azure Active Directory for PowerShell module”. The steps that worked for me:
1. Install the 64-bit version of the Microsoft Online Services Sign-in Assistant: https://go.microsoft.com/fwlink/p/?LinkId=286152
2. Install the Microsoft Azure Active Directory Module by opening Powershell and typing Install-Module MSOnline
Keep up the GREAT work!
Awesome Article!!
Was exactly what I was looking for.
Keep up the great work!
Just what I needed.
Thanks.
Very nicely put together! Thanks for the guide.
I have a tenant admin account, which has got many domains created. users are created for each domain.
I need to delete users of a particular domain.(when tenant admin has got many domains to manage) using powershell scripts. Could you please help me regarding this one.
you could come up with something with a little of Google’s help:
https://technet.microsoft.com/en-us/library/dn705745.aspx
Get-MsolPartnerContract -DomainName TENANT.onmicrosoft.com
get-msoluser -all -tenantid "TENANT-ID" -returndeletedusers | Remove-msoluser -removefromrecyclebin -force
I post this with no responsibility whatsoever… You should try this in a test environment first!
hope this helps you to get on the right track
cheers.
sorry you need the tenant id again in the remove command:
get-msoluser -all -tenantid "TENANT-ID" -returndeletedusers | Remove-msoluser -tenantid "TENANT-ID" -removefromrecyclebin -force
Tried this today (was logged on as a reseller, tried to purge some client’s deleted users) – did not work. It turned out that you must be logged in as an account global admin to be able to delete users.
Sorry, just noticed the second part must have tenant ID as well. I tried this:
get-msoluser -all -tenantid "TENANT-ID" -returndeletedusers | Remove-msoluser -tenantid -removefromrecyclebin -force
and it did not work, so I probably had to run it like this:
get-msoluser -all -tenantid "TENANT-ID" -returndeletedusers | Remove-msoluser -tenantid "TENANT-ID" -removefromrecyclebin -force
Appreciate your well put together article – very helpful
Great article Paul, Thanks for sharing…..
Paul – great article.
What is the impact on the user’s OneDrive, email inbox and any content that they’ve created in SharePoint? I’ve seen conflicting reports about grace periods for those, perhaps it’s changed over the last few years.
Looking for answer on this as well.
They are all gone after removing from recycling bin. If you recreate them it's like creating a new AD account, it won't link back with the old profiles due to GUID changes.
I have heard if you have the weight and maybe wallet it's possible Microsoft can get it back for you. For legal reasons and so on this sounds plausible.
However you are trying to permanently delete them for a reason.
I may be wrong in the future, if they bring in a 3rd safety net.
I just removed the user from AD OU and did a sync, thus deleting the user. Ran the powershell commands to empty the recycle bin. Added user back into the OU. Ran other sync. User appeared back in portal unlicensed. Licensed user. Mailbox still there. All 50GB of it. It’s like the Herps.
Did it again and waited like an hour. All good.
Easy article, worked perfectly, thanks.